Fabric Site

Location in GUI: Provision » SD-Access » Fabric Sites

Diagram

Classes

fabric (catalyst_center)

Name	Type	Constraint	Mandatory	Default Value
fabric_sites	List	`[fabric_sites]`	No

fabric_sites (catalyst_center.fabric)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes
authentication_template	Class	`[authentication_template]`	No
pub_sub_enabled	Boolean	`true`, `false`	No	`false`
reconfigure	Boolean	`true`, `false`	No
l3_virtual_networks	List	String	No
l2_virtual_networks	List	`[l2_virtual_networks]`	No
anycast_gateways	List	`[anycast_gateways]`	No
wireless_ssids	List	`[wireless_ssids]`	No
fabric_zones	List	`[fabric_zones]`	No
multicast	Class	`[multicast]`	No

authentication_template (catalyst_center.fabric.fabric_sites)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes	`No Authentication`
dot1x_to_mab_fallback_timeout	Integer	min: `3`, max: `120`	No
wake_on_lan	Boolean	`true`, `false`	No
number_of_hosts	Choice	`Unlimited`, `Single`	No
bpdu_guard	Boolean	`true`, `false`	No
authentication_order	Choice	`mac`, `dot1x`	No
pre_auth_acl	Class	`[pre_auth_acl]`	No

l2_virtual_networks (catalyst_center.fabric.fabric_sites)

Name	Type	Constraint	Mandatory
name	String		Yes
vlan_name	String		No
vlan_id	Integer	min: `2`, max: `4093`	No
traffic_type	Choice	`DATA`, `VOICE`	No
fabric_enabled_wireless	Boolean	`true`, `false`	No
associated_l3_virtual_network_name	String		No

anycast_gateways (catalyst_center.fabric.fabric_sites)

Name	Type	Constraint	Mandatory	Default Value
ip_pool_name	String		Yes
pool_type	Any	Choice[`EXTENDED_NODE`, `FABRIC_AP`] or Null	No
auto_generate_vlan_name	Boolean	`true`, `false`	No	`false`
vlan_name	String		No
vlan_id	Integer	min: `2`, max: `4093`	No
security_group_name	String		No
ip_directed_broadcast	Boolean	`true`, `false`	No	`false`
intra_subnet_routing_enabled	Boolean	`true`, `false`	No	`false`
multiple_ip_to_mac_addresses	Boolean	`true`, `false`	No	`false`
supplicant_based_extended_node_onboarding	Boolean	`true`, `false`	No
group_based_policy_enforcement_enabled	Boolean	`true`, `false`	No
layer2_flooding	Boolean	`true`, `false`	No	`false`
traffic_type	Choice	`DATA`, `VOICE`	No	`DATA`
critical_pool	Boolean	`true`, `false`	No	`false`
wireless_pool	Boolean	`true`, `false`	No	`false`
tcp_mss_adjustment	Integer	min: `500`, max: `1440`	No
l3_virtual_network	String		No

wireless_ssids (catalyst_center.fabric.fabric_sites)

Name	Type	Mandatory
name	String	Yes
vlan_name	String	Yes
security_group_name	String	No

fabric_zones (catalyst_center.fabric.fabric_sites)

Name	Type	Constraint	Mandatory
name	String		Yes
authentication_template	Class	`[authentication_template]`	No
l3_virtual_networks	List	String	No
anycast_gateways	List	String	No
l2_virtual_networks	List	String	No

multicast (catalyst_center.fabric.fabric_sites)

Name	Type	Constraint	Mandatory	Default Value
replication_mode	Choice	`NATIVE_MULTICAST`, `HEADEND_REPLICATION`	No
virtual_networks	List	`[virtual_networks]`	No

pre_auth_acl (catalyst_center.fabric.fabric_sites.authentication_template)

Name	Type	Constraint	Mandatory
enabled	Boolean	`true`, `false`	No
implicit_action	Choice	`DENY`, `PERMIT`	No
description	String		No
access_contracts	List	`[access_contracts]`	No

virtual_networks (catalyst_center.fabric.fabric_sites.multicast)

Name	Type	Constraint	Mandatory
name	String		Yes
ip_pool_name	String		Yes
ipv4_ssm_ranges	List	String	No
ipv6_ssm_ranges	List	String	No
multicast_rps	List	`[multicast_rps]`	No

access_contracts (catalyst_center.fabric.fabric_sites.authentication_template.pre_auth_acl)

Name	Type	Constraint	Mandatory
action	Choice	`PERMIT`, `DENY`	Yes
port	Choice	`domain`, `bootpc`, `bootps`	Yes
protocol	Choice	`TCP`, `UDP`, `TCP_UDP`	Yes

multicast_rps (catalyst_center.fabric.fabric_sites.multicast.virtual_networks)

Name	Type	Constraint	Mandatory
name	String		Yes
rp_location	Choice	`FABRIC`, `EXTERNAL`	Yes
ipv4_address	IP		No
ipv6_address	IP		No
is_default_v4_rp	Boolean	`true`, `false`	No
is_default_v6_rp	Boolean	`true`, `false`	No
fabric_rps	List	String	No
ipv4_asm_ranges	List	String	No
ipv6_asm_ranges	List	String	No

Fabric Sites define the SD-Access fabric boundary within the site hierarchy. Enabling a site as a fabric site activates Software-Defined Access functionality including micro-segmentation, policy enforcement, and automated underlay/overlay provisioning. Fabric sites contain Border Devices, Virtual Networks, Anycast Gateways, and Port Assignments. This resource is SDA fabric only.

Examples

Example-1: Basic Fabric Site with No Authentication

This example demonstrates how to configure a basic SD-Access fabric site in Catalyst Center with no authentication requirements. Fabric sites enable Software-Defined Access functionality within designated network areas, providing centralized policy enforcement and micro-segmentation capabilities.

The fabric site configuration includes:

Site hierarchy specification (Global/Canada) for geographic and organizational structure
Authentication template assignment (No Authentication) for simplified initial deployment
Foundation for SD-Access fabric enablement without immediate authentication requirements
Base configuration suitable for proof-of-concept or laboratory environments

---
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/Canada
        authentication_template:
          name: No Authentication
        pub_sub_enabled: true

Example-2: Campus Fabric Site with Closed Authentication

This example demonstrates how to configure a campus fabric site with closed authentication mode for high-security environments where all network access requires explicit authentication and authorization.

---
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/Canada
        authentication_template:
          name: Closed Authentication
        pub_sub_enabled: true

Example-3: Multi-Site Fabric Deployment

This example shows how to configure multiple fabric sites across different geographic locations, each with appropriate authentication templates based on local security requirements and organizational policies.

---
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/North_America/New_York_Office
        authentication_template:
          name: Closed Authentication
        pub_sub_enabled: true


      - name: Global/Asia_Pacific/Tokyo_Branch
        authentication_template:
          name: Open Authentication
        pub_sub_enabled: true

      - name: Global/Europe/London_Office
        authentication_template:
          name: Low Impact
        pub_sub_enabled: true


      - name: Global/Americas/Mexico_City_Branch
        authentication_template:
          name: No Authentication
        pub_sub_enabled: true

Example-4: Fabric Site custom authentication template

This example demonstrates how to configure a fabric site with custom options for authentication templates

---
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/Corporate/London_Office
        authentication_template:
          name: Closed Authentication
          dot1x_to_mab_fallback_timeout: 30
          wake_on_lan: false
          number_of_hosts: Unlimited
          authentication_order: dot1x
          bpdu_guard: false
        pub_sub_enabled: true


     - name: Global/Corporate/Tokyo_Branch
        authentication_template:
        authentication_template:
          name: Low Impact
          dot1x_to_mab_fallback_timeout: 30
          wake_on_lan: false
          number_of_hosts: Unlimited
          authentication_order: mac
          bpdu_guard: false
          pre_auth_acl:
            enabled: true
            implicit_action: PERMIT
            access_contracts:
              - action: PERMIT
                port: domain
                protocol: UDP
              - action: PERMIT
                port: bootpc
                protocol: UDP
              - action: PERMIT
                port: bootps
                protocol: UDP
        pub_sub_enabled: true

Example-5: Fabric Site configuration with fabric zones

This example demonstrates how to configure a fabric site that has a fabric zone

---
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/Poland/Bytom
        authentication_template:
          name: Closed Authentication
          dot1x_to_mab_fallback_timeout: 30
          wake_on_lan: false
          number_of_hosts: Unlimited
          authentication_order: dot1x
        pub_sub_enabled: false
        l2_virtual_networks:
          - name: L2_SDA_VN_1
            vlan_name: L2_VLAN_USERS
            vlan_id: 455
            traffic_type: DATA
            fabric_enabled_wireless: false
          - name: L2_VN
            vlan_name: L2VN_VLAN
            traffic_type: DATA
            fabric_enabled_wireless: false
        l3_virtual_networks:
          - SDA_VN_USERS
          - SDA_VN_PRINTERS
          - SDA_VN_CORPORATE
          - INFRA_VN
        anycast_gateways:
          - ip_pool_name: Campus
            vlan_name: Campus_VLAN
            traffic_type: DATA
            l3_virtual_network: SDA_VN_USERS
            wireless_pool: true
          - ip_pool_name: Voice
            vlan_name: Voice_VLAN
            vlan_id: 224
            traffic_type: VOICE
            l3_virtual_network: SDA_VN_USERS
          - ip_pool_name: AP
            pool_type: FABRIC_AP
            vlan_name: AP_VLAN
            vlan_id: 225
            traffic_type: DATA
            l3_virtual_network: INFRA_VN

        fabric_zones:
          - name: Global/Poland/Bytom/Bld_B
            authentication_template:
              name: No Authentication
            l3_virtual_networks:
              - SDA_VN_USERS
            l2_virtual_networks:
              - L2_SDA_VN_1
            anycast_gateways:
              - Campus


  inventory:
    devices:
      - name: LAN-EN2
        fqdn_name: LAN-EN2.cisco.eu
        device_ip: 181.1.1.43
        pid: C9KV-UADP-8P
        state: PROVISION
        device_role: ACCESS
        site: Global/Poland/Bytom/Bld_B
        fabric_zone: Global/Poland/Bytom/Bld_B
        fabric_roles:
          - EDGE_NODE

Example 6: Fabric Site Reconfiguration

When the IPv4 pool used by a Fabric site is modified, for example when DHCP or DNS server information is updated, the Fabric becomes out of date. The site must be re-provisioned so that the changes take effect.

Cisco Catalyst Center displays a warning on the Fabric site indicating that a reconfiguration is required.

---
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/Poland/Krakow
        reconfigure: true

Location in GUI: Provision » SD-Access » Fabric Sites

Diagram

Classes

fabric (catalyst_center)

Name	Type	Constraint	Mandatory	Default Value
fabric_sites	List	`[fabric_sites]`	No

fabric_sites (catalyst_center.fabric)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes
authentication_template	Class	`[authentication_template]`	No
pub_sub_enabled	Boolean	`true`, `false`	No	`false`
reconfigure	Boolean	`true`, `false`	No
l3_virtual_networks	List	String	No
l2_virtual_networks	List	`[l2_virtual_networks]`	No
anycast_gateways	List	`[anycast_gateways]`	No
wireless_ssids	List	`[wireless_ssids]`	No
fabric_zones	List	`[fabric_zones]`	No
multicast	Class	`[multicast]`	No

authentication_template (catalyst_center.fabric.fabric_sites)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes	`No Authentication`
dot1x_to_mab_fallback_timeout	Integer	min: `3`, max: `120`	No
wake_on_lan	Boolean	`true`, `false`	No
number_of_hosts	Choice	`Unlimited`, `Single`	No
bpdu_guard	Boolean	`true`, `false`	No
authentication_order	Choice	`mac`, `dot1x`	No
pre_auth_acl	Class	`[pre_auth_acl]`	No

l2_virtual_networks (catalyst_center.fabric.fabric_sites)

Name	Type	Constraint	Mandatory
name	String		Yes
vlan_name	String		No
vlan_id	Integer	min: `2`, max: `4093`	No
traffic_type	Choice	`DATA`, `VOICE`	No
fabric_enabled_wireless	Boolean	`true`, `false`	No
associated_l3_virtual_network_name	String		No

anycast_gateways (catalyst_center.fabric.fabric_sites)

Name	Type	Constraint	Mandatory	Default Value
ip_pool_name	String		Yes
pool_type	Any	Choice[`EXTENDED_NODE`, `FABRIC_AP`] or Null	No
auto_generate_vlan_name	Boolean	`true`, `false`	No	`false`
vlan_name	String		No
vlan_id	Integer	min: `2`, max: `4093`	No
security_group_name	String		No
ip_directed_broadcast	Boolean	`true`, `false`	No	`false`
intra_subnet_routing_enabled	Boolean	`true`, `false`	No	`false`
multiple_ip_to_mac_addresses	Boolean	`true`, `false`	No	`false`
supplicant_based_extended_node_onboarding	Boolean	`true`, `false`	No
group_based_policy_enforcement_enabled	Boolean	`true`, `false`	No
layer2_flooding	Boolean	`true`, `false`	No	`false`
traffic_type	Choice	`DATA`, `VOICE`	No	`DATA`
critical_pool	Boolean	`true`, `false`	No	`false`
wireless_pool	Boolean	`true`, `false`	No	`false`
tcp_mss_adjustment	Integer	min: `500`, max: `1440`	No
l3_virtual_network	String		No

wireless_ssids (catalyst_center.fabric.fabric_sites)

Name	Type	Mandatory
name	String	Yes
vlan_name	String	Yes
security_group_name	String	No

fabric_zones (catalyst_center.fabric.fabric_sites)

Name	Type	Constraint	Mandatory
name	String		Yes
authentication_template	Class	`[authentication_template]`	No
l3_virtual_networks	List	String	No
anycast_gateways	List	String	No

multicast (catalyst_center.fabric.fabric_sites)

Name	Type	Constraint	Mandatory	Default Value
virtual_networks	List	`[virtual_networks]`	No

pre_auth_acl (catalyst_center.fabric.fabric_sites.authentication_template)

Name	Type	Constraint	Mandatory
enabled	Boolean	`true`, `false`	No
implicit_action	Choice	`DENY`, `PERMIT`	No
description	String		No
access_contracts	List	`[access_contracts]`	No

virtual_networks (catalyst_center.fabric.fabric_sites.multicast)

Name	Type	Constraint	Mandatory
name	String		Yes
ip_pool_name	String		Yes
ipv4_ssm_ranges	List	String	No
ipv6_ssm_ranges	List	String	No
multicast_rps	List	`[multicast_rps]`	No

access_contracts (catalyst_center.fabric.fabric_sites.authentication_template.pre_auth_acl)

Name	Type	Constraint	Mandatory
action	Choice	`PERMIT`, `DENY`	Yes
port	Choice	`domain`, `bootpc`, `bootps`	Yes
protocol	Choice	`TCP`, `UDP`, `TCP_UDP`	Yes

multicast_rps (catalyst_center.fabric.fabric_sites.multicast.virtual_networks)

Name	Type	Constraint	Mandatory
name	String		Yes
rp_location	Choice	`FABRIC`, `EXTERNAL`	Yes
ipv4_address	IP		No
ipv6_address	IP		No
is_default_v4_rp	Boolean	`true`, `false`	No
is_default_v6_rp	Boolean	`true`, `false`	No
fabric_rps	List	String	No
ipv4_asm_ranges	List	String	No
ipv6_asm_ranges	List	String	No

Examples

Example-1: Basic Fabric Site with No Authentication

The fabric site configuration includes:

Site hierarchy specification (Global/Canada) for geographic and organizational structure
Authentication template assignment (No Authentication) for simplified initial deployment
Foundation for SD-Access fabric enablement without immediate authentication requirements
Base configuration suitable for proof-of-concept or laboratory environments

---
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/Canada
        authentication_template:
          name: No Authentication
        pub_sub_enabled: true

Example-2: Campus Fabric Site with Closed Authentication

---
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/Canada
        authentication_template:
          name: Closed Authentication
        pub_sub_enabled: true

Example-3: Multi-Site Fabric Deployment

---
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/North_America/New_York_Office
        authentication_template:
          name: Closed Authentication
        pub_sub_enabled: true


      - name: Global/Asia_Pacific/Tokyo_Branch
        authentication_template:
          name: Open Authentication
        pub_sub_enabled: true

      - name: Global/Europe/London_Office
        authentication_template:
          name: Low Impact
        pub_sub_enabled: true


      - name: Global/Americas/Mexico_City_Branch
        authentication_template:
          name: No Authentication
        pub_sub_enabled: true

Example-4: Fabric Site custom authentication template

This example demonstrates how to configure a fabric site with custom options for authentication templates

---
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/Corporate/London_Office
        authentication_template:
          name: Closed Authentication
          dot1x_to_mab_fallback_timeout: 30
          wake_on_lan: false
          number_of_hosts: Unlimited
          authentication_order: dot1x
          bpdu_guard: false
        pub_sub_enabled: true


     - name: Global/Corporate/Tokyo_Branch
        authentication_template:
        authentication_template:
          name: Low Impact
          dot1x_to_mab_fallback_timeout: 30
          wake_on_lan: false
          number_of_hosts: Unlimited
          authentication_order: mac
          bpdu_guard: false
          pre_auth_acl:
            enabled: true
            implicit_action: PERMIT
            access_contracts:
              - action: PERMIT
                port: domain
                protocol: UDP
              - action: PERMIT
                port: bootpc
                protocol: UDP
              - action: PERMIT
                port: bootps
                protocol: UDP
        pub_sub_enabled: true

Example 5: Fabric Site Reconfiguration

Cisco Catalyst Center displays a warning on the Fabric site indicating that a reconfiguration is required.

---
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/Poland/Krakow
        reconfigure: true

Location in GUI: Provision » SD-Access » Fabric Sites

Diagram

Classes

fabric (catalyst_center)

Name	Type	Constraint	Mandatory	Default Value
fabric_sites	List	`[fabric_sites]`	No

fabric_sites (catalyst_center.fabric)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes
authentication_template	Class	`[authentication_template]`	No
pub_sub_enabled	Boolean	`true`, `false`	No	`false`
reconfigure	Boolean	`true`, `false`	No
l3_virtual_networks	List	String	No
l2_virtual_networks	List	`[l2_virtual_networks]`	No
anycast_gateways	List	`[anycast_gateways]`	No
wireless_ssids	List	`[wireless_ssids]`	No
fabric_zones	List	`[fabric_zones]`	No
multicast	Class	`[multicast]`	No

authentication_template (catalyst_center.fabric.fabric_sites)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes	`No Authentication`
dot1x_to_mab_fallback_timeout	Integer	min: `3`, max: `120`	No
wake_on_lan	Boolean	`true`, `false`	No
number_of_hosts	Choice	`Unlimited`, `Single`	No
bpdu_guard	Boolean	`true`, `false`	No
authentication_order	Choice	`mac`, `dot1x`	No
pre_auth_acl	Class	`[pre_auth_acl]`	No

l2_virtual_networks (catalyst_center.fabric.fabric_sites)

Name	Type	Constraint	Mandatory
name	String		Yes
vlan_name	String		No
vlan_id	Integer	min: `2`, max: `4093`	No
traffic_type	Choice	`DATA`, `VOICE`	No
fabric_enabled_wireless	Boolean	`true`, `false`	No
associated_l3_virtual_network_name	String		No

anycast_gateways (catalyst_center.fabric.fabric_sites)

Name	Type	Constraint	Mandatory	Default Value
ip_pool_name	String		Yes
pool_type	Any	Choice[`EXTENDED_NODE`, `FABRIC_AP`] or Null	No
auto_generate_vlan_name	Boolean	`true`, `false`	No	`false`
vlan_name	String		No
vlan_id	Integer	min: `2`, max: `4093`	No
security_group_name	String		No
ip_directed_broadcast	Boolean	`true`, `false`	No	`false`
intra_subnet_routing_enabled	Boolean	`true`, `false`	No	`false`
multiple_ip_to_mac_addresses	Boolean	`true`, `false`	No	`false`
supplicant_based_extended_node_onboarding	Boolean	`true`, `false`	No
group_based_policy_enforcement_enabled	Boolean	`true`, `false`	No
layer2_flooding	Boolean	`true`, `false`	No	`false`
traffic_type	Choice	`DATA`, `VOICE`	No	`DATA`
critical_pool	Boolean	`true`, `false`	No	`false`
wireless_pool	Boolean	`true`, `false`	No	`false`
tcp_mss_adjustment	Integer	min: `500`, max: `1440`	No
l3_virtual_network	String		No

wireless_ssids (catalyst_center.fabric.fabric_sites)

Name	Type	Mandatory
name	String	Yes
vlan_name	String	Yes
security_group_name	String	No

fabric_zones (catalyst_center.fabric.fabric_sites)

Name	Type	Constraint	Mandatory
name	String		Yes
authentication_template	Class	`[authentication_template]`	No
l3_virtual_networks	List	String	No

multicast (catalyst_center.fabric.fabric_sites)

Name	Type	Constraint	Mandatory	Default Value
virtual_networks	List	`[virtual_networks]`	No

pre_auth_acl (catalyst_center.fabric.fabric_sites.authentication_template)

Name	Type	Constraint	Mandatory
enabled	Boolean	`true`, `false`	No
implicit_action	Choice	`DENY`, `PERMIT`	No
description	String		No
access_contracts	List	`[access_contracts]`	No

virtual_networks (catalyst_center.fabric.fabric_sites.multicast)

Name	Type	Constraint	Mandatory
name	String		Yes
ip_pool_name	String		Yes
ipv4_ssm_ranges	List	String	No
ipv6_ssm_ranges	List	String	No
multicast_rps	List	`[multicast_rps]`	No

access_contracts (catalyst_center.fabric.fabric_sites.authentication_template.pre_auth_acl)

Name	Type	Constraint	Mandatory
action	Choice	`PERMIT`, `DENY`	Yes
port	Choice	`domain`, `bootpc`, `bootps`	Yes
protocol	Choice	`TCP`, `UDP`, `TCP_UDP`	Yes

multicast_rps (catalyst_center.fabric.fabric_sites.multicast.virtual_networks)

Name	Type	Constraint	Mandatory
name	String		Yes
rp_location	Choice	`FABRIC`, `EXTERNAL`	Yes
ipv4_address	IP		No
ipv6_address	IP		No
is_default_v4_rp	Boolean	`true`, `false`	No
is_default_v6_rp	Boolean	`true`, `false`	No
fabric_rps	List	String	No
ipv4_asm_ranges	List	String	No
ipv6_asm_ranges	List	String	No

Examples

Example-1: Basic Fabric Site with No Authentication

The fabric site configuration includes:

Site hierarchy specification (Global/Canada) for geographic and organizational structure
Authentication template assignment (No Authentication) for simplified initial deployment
Foundation for SD-Access fabric enablement without immediate authentication requirements
Base configuration suitable for proof-of-concept or laboratory environments

---
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/Canada
        authentication_template:
          name: No Authentication
        pub_sub_enabled: true

Example-2: Campus Fabric Site with Closed Authentication

---
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/Canada
        authentication_template:
          name: Closed Authentication
        pub_sub_enabled: true

Example-3: Multi-Site Fabric Deployment

---
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/North_America/New_York_Office
        authentication_template:
          name: Closed Authentication
        pub_sub_enabled: true


      - name: Global/Asia_Pacific/Tokyo_Branch
        authentication_template:
          name: Open Authentication
        pub_sub_enabled: true

      - name: Global/Europe/London_Office
        authentication_template:
          name: Low Impact
        pub_sub_enabled: true


      - name: Global/Americas/Mexico_City_Branch
        authentication_template:
          name: No Authentication
        pub_sub_enabled: true

Example-4: Fabric Site custom authentication template

This example demonstrates how to configure a fabric site with custom options for authentication templates

---
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/Corporate/London_Office
        authentication_template:
          name: Closed Authentication
          dot1x_to_mab_fallback_timeout: 30
          wake_on_lan: false
          number_of_hosts: Unlimited
          authentication_order: dot1x
          bpdu_guard: false
        pub_sub_enabled: true


     - name: Global/Corporate/Tokyo_Branch
        authentication_template:
        authentication_template:
          name: Low Impact
          dot1x_to_mab_fallback_timeout: 30
          wake_on_lan: false
          number_of_hosts: Unlimited
          authentication_order: mac
          bpdu_guard: false
          pre_auth_acl:
            enabled: true
            implicit_action: PERMIT
            access_contracts:
              - action: PERMIT
                port: domain
                protocol: UDP
              - action: PERMIT
                port: bootpc
                protocol: UDP
              - action: PERMIT
                port: bootps
                protocol: UDP
        pub_sub_enabled: true

Example 5: Fabric Site Reconfiguration

Cisco Catalyst Center displays a warning on the Fabric site indicating that a reconfiguration is required.

---
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/Poland/Krakow
        reconfigure: true

Location in GUI: Provision » SD-Access » Fabric Sites

Diagram

Classes

fabric (catalyst_center)

Name	Type	Constraint	Mandatory	Default Value
fabric_sites	List	`[fabric_sites]`	No

fabric_sites (catalyst_center.fabric)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes
authentication_template	Class	`[authentication_template]`	No
pub_sub_enabled	Boolean	`true`, `false`	No	`false`
reconfigure	Boolean	`true`, `false`	No
l3_virtual_networks	List	String	No
l2_virtual_networks	List	`[l2_virtual_networks]`	No
anycast_gateways	List	`[anycast_gateways]`	No
wireless_ssids	List	`[wireless_ssids]`	No
fabric_zones	List	`[fabric_zones]`	No
multicast	Class	`[multicast]`	No

authentication_template (catalyst_center.fabric.fabric_sites)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes	`No Authentication`
dot1x_to_mab_fallback_timeout	Integer	min: `3`, max: `120`	No
wake_on_lan	Boolean	`true`, `false`	No
number_of_hosts	Choice	`Unlimited`, `Single`	No
bpdu_guard	Boolean	`true`, `false`	No
authentication_order	Choice	`mac`, `dot1x`	No
pre_auth_acl	Class	`[pre_auth_acl]`	No

l2_virtual_networks (catalyst_center.fabric.fabric_sites)

Name	Type	Constraint	Mandatory
name	String		Yes
vlan_name	String		No
vlan_id	Integer	min: `2`, max: `4093`	No
traffic_type	Choice	`DATA`, `VOICE`	No
fabric_enabled_wireless	Boolean	`true`, `false`	No
associated_l3_virtual_network	String		No

anycast_gateways (catalyst_center.fabric.fabric_sites)

Name	Type	Constraint	Mandatory	Default Value
ip_pool_name	String		Yes
pool_type	Any	Choice[`EXTENDED_NODE`, `FABRIC_AP`] or Null	No
auto_generate_vlan_name	Boolean	`true`, `false`	No	`false`
vlan_name	String		No
vlan_id	Integer	min: `2`, max: `4093`	No
security_group_name	String		No
ip_directed_broadcast	Boolean	`true`, `false`	No	`false`
intra_subnet_routing_enabled	Boolean	`true`, `false`	No	`false`
multiple_ip_to_mac_addresses	Boolean	`true`, `false`	No	`false`
supplicant_based_extended_node_onboarding	Boolean	`true`, `false`	No
group_based_policy_enforcement_enabled	Boolean	`true`, `false`	No
layer2_flooding	Boolean	`true`, `false`	No	`false`
traffic_type	Choice	`DATA`, `VOICE`	No	`DATA`
critical_pool	Boolean	`true`, `false`	No	`false`
wireless_pool	Boolean	`true`, `false`	No	`false`
tcp_mss_adjustment	Integer	min: `500`, max: `1440`	No
l3_virtual_network	String		No

wireless_ssids (catalyst_center.fabric.fabric_sites)

Name	Type	Mandatory
name	String	Yes
vlan_name	String	Yes
security_group_name	String	No

fabric_zones (catalyst_center.fabric.fabric_sites)

Name	Type	Constraint	Mandatory
name	String		Yes
authentication_template	Class	`[authentication_template]`	No
l3_virtual_networks	List	String	No

multicast (catalyst_center.fabric.fabric_sites)

Name	Type	Constraint	Mandatory	Default Value
virtual_networks	List	`[virtual_networks]`	No

pre_auth_acl (catalyst_center.fabric.fabric_sites.authentication_template)

Name	Type	Constraint	Mandatory
enabled	Boolean	`true`, `false`	No
implicit_action	Choice	`DENY`, `PERMIT`	No
description	String		No
access_contracts	List	`[access_contracts]`	No

virtual_networks (catalyst_center.fabric.fabric_sites.multicast)

Name	Type	Constraint	Mandatory
name	String		Yes
ip_pool_name	String		Yes
ipv4_ssm_ranges	List	String	No
ipv6_ssm_ranges	List	String	No
multicast_rps	List	`[multicast_rps]`	No

access_contracts (catalyst_center.fabric.fabric_sites.authentication_template.pre_auth_acl)

Name	Type	Constraint	Mandatory
action	Choice	`PERMIT`, `DENY`	Yes
port	Choice	`domain`, `bootpc`, `bootps`	Yes
protocol	Choice	`TCP`, `UDP`, `TCP_UDP`	Yes

multicast_rps (catalyst_center.fabric.fabric_sites.multicast.virtual_networks)

Name	Type	Constraint	Mandatory
name	String		Yes
rp_location	Choice	`FABRIC`, `EXTERNAL`	Yes
ipv4_address	IP		No
ipv6_address	IP		No
is_default_v4_rp	Boolean	`true`, `false`	No
is_default_v6_rp	Boolean	`true`, `false`	No
fabric_rps	List	String	No
ipv4_asm_ranges	List	String	No
ipv6_asm_ranges	List	String	No

Examples

Example-1: Basic Fabric Site with No Authentication

The fabric site configuration includes:

Site hierarchy specification (Global/Canada) for geographic and organizational structure
Authentication template assignment (No Authentication) for simplified initial deployment
Foundation for SD-Access fabric enablement without immediate authentication requirements
Base configuration suitable for proof-of-concept or laboratory environments

---
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/Canada
        authentication_template:
          name: No Authentication
        pub_sub_enabled: true

Example-2: Campus Fabric Site with Closed Authentication

---
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/Canada
        authentication_template:
          name: Closed Authentication
        pub_sub_enabled: true

Example-3: Multi-Site Fabric Deployment

---
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/North_America/New_York_Office
        authentication_template:
          name: Closed Authentication
        pub_sub_enabled: true


      - name: Global/Asia_Pacific/Tokyo_Branch
        authentication_template:
          name: Open Authentication
        pub_sub_enabled: true

      - name: Global/Europe/London_Office
        authentication_template:
          name: Low Impact
        pub_sub_enabled: true


      - name: Global/Americas/Mexico_City_Branch
        authentication_template:
          name: No Authentication
        pub_sub_enabled: true

Example-4: Fabric Site custom authentication template

This example demonstrates how to configure a fabric site with custom options for authentication templates

---
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/Corporate/London_Office
        authentication_template:
          name: Closed Authentication
          dot1x_to_mab_fallback_timeout: 30
          wake_on_lan: false
          number_of_hosts: Unlimited
          authentication_order: dot1x
          bpdu_guard: false
        pub_sub_enabled: true


     - name: Global/Corporate/Tokyo_Branch
        authentication_template:
        authentication_template:
          name: Low Impact
          dot1x_to_mab_fallback_timeout: 30
          wake_on_lan: false
          number_of_hosts: Unlimited
          authentication_order: mac
          bpdu_guard: false
          pre_auth_acl:
            enabled: true
            implicit_action: PERMIT
            access_contracts:
              - action: PERMIT
                port: domain
                protocol: UDP
              - action: PERMIT
                port: bootpc
                protocol: UDP
              - action: PERMIT
                port: bootps
                protocol: UDP
        pub_sub_enabled: true

Example 5: Fabric Site Reconfiguration

When the IPv4 pool used by a Fabric site is modified, for example when DHCP or DNS server information is updated, the Fabric becomes out of date. The site must be reprovisioned so that the changes take effect.

Cisco Catalyst Center displays a warning on the Fabric site indicating that a reconfiguration is required.

---
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/Poland/Krakow
        reconfigure: true